MuddyWater hackers use Chaos ransomware as a decoy in attacks
7 Articles
Iranian state-backed spies pose as ransomware slingers in false flag attacks
An Iranian state-sponsored espionage group is pretending to be a regular ransomware gang in a new wave of ransomware attacks targeting enterprises. APT group MuddyWater (aka Seedworm) is masquerading as the Chaos ransomware-as-a-service group to confuse incident response and mask its spying and cyber-sabotage, according to research by security vendor Rapid7. The attacks — geared toward stealing data rather than encrypting it — typically involve …
State-sponsored cyber attacks have evolved to the point where they are confused with common digital crimes. This strategy makes it difficult to respond to incidents and increases the time intruders can stay in compromised networks. A recent example involves the Iranian MuddyWater group, which has started using the Chaos ransomware as a front for digital spying operations. The campaign, analyzed by Rapid7, shows how simple social engineering tech…
Iranian APT Intrusion Masquerades as Chaos Ransomware Attack
Likely perpetrated by MuddyWater, the attack combined social engineering, persistence, credential harvesting, and data theft. The post Iranian APT Intrusion Masquerades as Chaos Ransomware Attack appeared first on SecurityWeek.
MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack
The Iranian state-sponsored hacking group known as MuddyWater (aka Mango Sandstorm, Seedworm, and Static Kitten) has been attributed to a ransomware attack in what has been described as a "false flag" operation. The attack, observed by Rapid7 in early 2026, has been found to leverage social engineering techniques via Microsoft Teams to initiate the infection sequence. Although the incident
Coverage Details
Bias Distribution
- 100% of the sources are Center



